Traditionally, when a client machine, such as a laptop or desktop computer, is booted, the client machine prompts the user to provide a key (e.g., to enter a password). The client machine then waits for the user to provide the key and does not continue the boot procedure until the key is provided, because the booting instructions that the client machine executes in order to boot are stored encrypted and cannot be decrypted until the client machine receives the key.
This booting scheme requires a person who has access to the key to be physically present at the client machine in order to boot the client machine. However, in some cases, a remote client machine may need to be booted while system administrators, who have access to the key, are far away from the client machine. A naïve solution would be to remove the key and to permanently decrypt the booting instructions. However, this greatly reduces the security of the data on the client machine.